From c4a6cf1534b864d3941c839d4a4dca7e505bd828 Mon Sep 17 00:00:00 2001 From: Quentin Date: Sat, 12 Sep 2020 10:03:48 +0200 Subject: Rebase first step --- man/nextcloud/README.md | 60 ------------------------------------------------- 1 file changed, 60 deletions(-) delete mode 100644 man/nextcloud/README.md (limited to 'man/nextcloud/README.md') diff --git a/man/nextcloud/README.md b/man/nextcloud/README.md deleted file mode 100644 index f68520b..0000000 --- a/man/nextcloud/README.md +++ /dev/null 
@@ -1,60 +0,0 @@ -# How to setup NextCloud - -## First setup - -It's complicated. - -First, create a service user `nextcloud` and a database `nextcloud` it owns. Also create a Garage access key and bucket `nextcloud` it is allowed to use. - -Fill in the following Consul keys with actual values: - -``` -secrets/nextcloud/db_user -secrets/nextcloud/db_pass -secrets/nextcloud/garage_access_key -secrets/nextcloud/garage_secret_key -``` - -Create the following Consul keys with empty values: - -``` -secrets/nextcloud/instance_id -secrets/nextcloud/password_salt -secrets/nextcloud/secret -``` - -Start the nextcloud.hcl nomad service. Enter the container and call `occ maintenance:install` with the correct database parameters as user `www-data`. -A possibility: call the admin user `nextcloud` and give it the same password as the `nextcloud` service user. - -Cat the newly generated `config.php` file and copy the instance id, password salt, and secret from there to Consul -(they were generated by the install script and we want to keep them). - -Restart the Nextcloud Nomad server. - -You should now be able to log in to Nextcloud using the admin user (`nextcloud` if you called it that). - -Go to the apps settings and enable desired apps. - -## Configure LDAP login - -LDAP login has to be configured from the admin interface. First, enable the LDAP authentification application. - -Go to settings > LDAP/AD integration. 
Enter the following parameters: - -- ldap server: `bottin2.service.2.cluster.deuxfleurs.fr` -- bind user: `cn=nextcloud,ou=services,ou=users,dc=deuxfleurs,dc=fr` -- bind password: password of the nextcloud service user -- base DN for users: `ou=users,dc=deuxfleurs,dc=fr` -- check "manually enter LDAP filters" -- in the users tab, edit LDAP query and set it to `(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))` -- in the login attributes tab, edit LDAP query and set it to `(&(&(|(objectclass=inetOrgPerson))(|(memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr)))(|(|(mailPrimaryAddress=%uid)(mail=%uid))(|(cn=%uid))))` -- in the groups tab, edit the LDAP query and set it to `(|(objectclass=groupOfNames))` -- in the advanced tab, enter the "directory setting" section and check/modify the following: - - user display name field: `displayname` - - base user tree: `ou=users,dc=deuxfleurs,dc=fr` - - user search attribute: `cn` - - groupe display name field: `displayname` - - **base group tree**: `ou=groups,dc=deuxfleurs,dc=fr` - - group search attribute: `cn` - -That should be it. Go to the login attributes tab and enter a username (which should have been added to the nextcloud group) to check that nextcloud is able to find it and allows it for login. -- cgit v1.2.3
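Review bot: The subject "Rebase first step" gives no reason for deleting man/nextcloud/README.md in full, and the removed lines are where the `secrets/nextcloud/*` Consul keys and the LDAP filters limiting login to `memberof=cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr` are written down. Please say in the commit message whether this document is moved by a later step of the rebase or whether the service is being retired. If it is retired, the same series should revoke the Garage access key, the `cn=nextcloud,ou=services` bind account and the Consul secrets named in the "First setup" section. If the text is carried over elsewhere, drop the "A possibility" line in "First setup" that gives the Nextcloud admin user the same password as the `nextcloud` service user: per the LDAP section that password is also the bind password, so reusing it couples the web admin login to the directory bind credential.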